Sergey Molchanov wrote:
Good afternoon! What does the 620 write in its logs?
The IPSec pass through checkbox is needed to initiate a tunnel from behind the router (from a LAN client).
Here is the log.
Code:
Jan 1 03:00:20 IPSEC[1351]: Updating config
Jan 1 03:00:20 make_or_clean_dir[1351]: Path /tmp/var/racoon/scripts exists, clearing up
Jan 1 03:00:20 ipsec_clean_psk[1351]: Cleaning psk
Jan 1 03:00:20 IPSEC[1351]: Starting to configure tunnel to peer '62.x.x.x' [1 of 1]
Jan 1 03:00:20 get_ipaddr_by_name[1351]: Resolv 62.x.x.x
Jan 1 03:00:20 IPSEC[1351]: Remote peer '62.x.x.x' was resolved to '62.x.x.x', ok
Jan 1 03:00:20 IPSEC[1351]: Add tunnel on [eth1] to peer 62.x.x.x
Jan 1 03:00:20 IPSEC[1351]: Got L3 on [eth1]
Jan 1 03:00:20 get_ipaddr_by_name[1351]: Resolv 178.x.x.x
Jan 1 03:00:20 IPSEC[1351]: Identifier (address) successfully resolved to '178.x.x.x'
Jan 1 03:00:20 IPSEC[1351]: Setting conf on [eth1]
Jan 1 03:00:20 ipsec_phase1_link_to_event[1351]: Adding symlink /tmp/var/racoon/scripts/ipsec_p1_up_1 to /sbin/event
Jan 1 03:00:20 ipsec_phase1_link_to_event[1351]: Adding symlink /tmp/var/racoon/scripts/ipsec_p1_down_1 to /sbin/event
Jan 1 03:00:20 ipsec_add_psk[1351]: Adding psk for '62.x.x.x'
Jan 1 03:00:20 IPSEC[1351]: Add tunnels to peer 62.x.x.x
Jan 1 03:00:20 IPSEC[1351]: - Add tunnel src net 192.168.88.0/24 <=> 192.168.87.0/24 dst net
Jan 1 03:00:20 DMS_NL_API[1351]: Rtnetlink answer: File exists
Jan 1 03:00:20 DMS_ROUTE_ERROR[1351]: ADD 192.168.87.0/24 via 192.168.88.1 dev (null) metr 0 table 254 (ipsec_fill_config)
Jan 1 03:00:20 racoon: ERROR: libipsec failed pfkey check (Invalid SA type)
Jan 1 03:00:20 racoon: INFO: unsupported PF_KEY message REGISTER
Jan 1 03:00:20 racoon: ERROR: libipsec failed pfkey check (Invalid SA type)
Jan 1 03:00:20 racoon: ERROR: such policy already exists. anyway replace it: 192.168.88.0/24[0] 192.168.87.0/24[0] proto=any dir=out
Jan 1 03:00:20 racoon: ERROR: such policy already exists. anyway replace it: 192.168.87.0/24[0] 192.168.88.0/24[0] proto=any dir=in
Jan 1 03:00:20 racoon: ERROR: such policy already exists. anyway replace it: 192.168.87.0/24[0] 192.168.88.0/24[0] proto=any dir=fwd
Jan 1 03:00:20 racoon: INFO: caught signal 15
Jan 1 03:00:21 racoon: INFO: racoon shutdown
Jan 1 03:00:21 racoon: INFO: @(#)ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net)
Jan 1 03:00:21 racoon: INFO: @(#)This product linked OpenSSL 1.0.0e 6 Sep 2011 (http://www.openssl.org/)
Jan 1 03:00:21 racoon: INFO: Reading configuration from "/tmp/racoon.conf"
Jan 1 03:00:21 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Jan 1 03:00:21 racoon: INFO: 127.0.0.1[500] used for NAT-T
Jan 1 03:00:21 racoon: INFO: 178.x.x.x[500] used as isakmp port (fd=9)
Jan 1 03:00:21 racoon: INFO: 178.x.x.x[500] used for NAT-T
Jan 1 03:00:21 racoon: INFO: 192.168.88.1[500] used as isakmp port (fd=10)
Jan 1 03:00:21 racoon: INFO: 192.168.88.1[500] used for NAT-T
Jan 1 03:00:21 resident_ipoe_handler[1351]: is done on iface eth1_2 with action up
Jan 1 03:00:21 resident_ipoe_handler[1351]: exit
Oct 11 16:51:11 racoon: INFO: respond new phase 1 negotiation: 178.x.x.x[500]<=>62.x.x.x[500]
Oct 11 16:51:11 racoon: INFO: begin Identity Protection mode.
Oct 11 16:51:11 racoon: INFO: received Vendor ID: CISCO-UNITY
Oct 11 16:51:11 racoon: INFO: received Vendor ID: DPD
Oct 11 16:51:11 racoon: INFO: ISAKMP-SA established 178.x.x.x[500]-62.x.x.x[500] spi:b2abc65257828568:b61dd47836d5dd99
Oct 11 16:51:11 event[1623]: ipsec_handler - type:p1;action:up;id:1;localip:178.x.x.x;localport:500;remoteip:62.x.x.x;remoteport:500;
Oct 11 16:51:11 ipsec_phase_1_do_up[1626]: Up status of tunnel with int_id = 1
I had forgotten about the logs.
How should this entry be interpreted:
libipsec failed pfkey check (Invalid SA type)
UPD: in the MikroTik logs, by the way, there is silence...
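As an added example (not code from the post, from Keenetic, or from ipsec-tools), here is a small Python triage script that runs over a constructed subset of the racoon/IPSEC lines quoted above and pulls out what a practitioner checks first in such a log: the errors, which side initiated phase 1 ("respond" means the remote peer started it), the ISAKMP-SA endpoints and cookies, the vendor IDs the peer sent, and whether an "IPsec-SA established" (phase 2) line ever followed the phase 1 SA. The regexes are written against the ipsec-tools 0.7 racoon message formats visible in the post; the DMS_* handling and the wording of the findings are my own assumptions, and the sample lines are copied from the post with the same x.x.x masking rather than being a live capture.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines quoted in the post above (not a live capture).
SAMPLE_LOG = """\
Jan 1 03:00:20 DMS_ROUTE_ERROR[1351]: ADD 192.168.87.0/24 via 192.168.88.1 dev (null) metr 0 table 254 (ipsec_fill_config)
Jan 1 03:00:20 racoon: ERROR: libipsec failed pfkey check (Invalid SA type)
Jan 1 03:00:20 racoon: INFO: unsupported PF_KEY message REGISTER
Jan 1 03:00:20 racoon: ERROR: such policy already exists. anyway replace it: 192.168.88.0/24[0] 192.168.87.0/24[0] proto=any dir=out
Jan 1 03:00:21 racoon: INFO: racoon shutdown
Jan 1 03:00:21 racoon: INFO: 178.x.x.x[500] used as isakmp port (fd=9)
Oct 11 16:51:11 racoon: INFO: respond new phase 1 negotiation: 178.x.x.x[500]<=>62.x.x.x[500]
Oct 11 16:51:11 racoon: INFO: begin Identity Protection mode.
Oct 11 16:51:11 racoon: INFO: received Vendor ID: CISCO-UNITY
Oct 11 16:51:11 racoon: INFO: received Vendor ID: DPD
Oct 11 16:51:11 racoon: INFO: ISAKMP-SA established 178.x.x.x[500]-62.x.x.x[500] spi:b2abc65257828568:b61dd47836d5dd99
"""

# syslog-style prefix: "Mon  d HH:MM:SS process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<proc>[A-Za-z0-9_]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
RACOON_RE = re.compile(r"^(?P<level>[A-Z]+): (?P<text>.*)$")
# "respond"/"initiate" tells you which side started the exchange.
NEGOTIATION_RE = re.compile(
    r"^(?P<role>respond|initiate) new phase (?P<phase>[12]) negotiation: "
    r"(?P<local>[^\[\s]+)\[(?P<lport>\d+)\]<=>(?P<remote>[^\[\s]+)\[(?P<rport>\d+)\]$"
)
# phase 1 SA: the two 8-byte ISAKMP cookies are logged as "spi:<init>:<resp>"
ISAKMP_SA_RE = re.compile(
    r"^ISAKMP-SA established (?P<local>[^\[\s]+)\[(?P<lport>\d+)\]-"
    r"(?P<remote>[^\[\s]+)\[(?P<rport>\d+)\] spi:(?P<icookie>[0-9a-f]+):(?P<rcookie>[0-9a-f]+)$"
)
VENDOR_RE = re.compile(r"^received Vendor ID: (.+)$")


@dataclass
class IpsecLogSummary:
    errors: list = field(default_factory=list)        # (ts, process, text)
    negotiations: list = field(default_factory=list)  # phase 1/2 starts with role
    isakmp_sas: list = field(default_factory=list)    # established phase 1 SAs
    ipsec_sas: list = field(default_factory=list)     # established phase 2 SAs
    vendor_ids: list = field(default_factory=list)
    restarts: int = 0                                 # "racoon shutdown" lines seen


def summarize(log_text: str) -> IpsecLogSummary:
    """Walk the log once and collect the events that matter for IPsec triage."""
    s = IpsecLogSummary()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, proc, msg = m["ts"], m["proc"], m["msg"]
        if proc == "racoon":
            rm = RACOON_RE.match(msg)
            if not rm:
                continue
            level, text = rm["level"], rm["text"]
            if level == "ERROR":
                s.errors.append((ts, proc, text))
            if (nm := NEGOTIATION_RE.match(text)):
                s.negotiations.append({"ts": ts, **nm.groupdict()})
            elif (em := ISAKMP_SA_RE.match(text)):
                s.isakmp_sas.append({"ts": ts, **em.groupdict()})
            elif text.startswith("IPsec-SA established"):
                s.ipsec_sas.append((ts, text))
            elif (vm := VENDOR_RE.match(text)):
                s.vendor_ids.append(vm[1])
            elif text == "racoon shutdown":
                s.restarts += 1
        elif proc.endswith("_ERROR"):  # assumption: DMS_*_ERROR is the router's own error tag
            s.errors.append((ts, proc, msg))
    return s


def findings(s: IpsecLogSummary) -> list:
    """Turn the collected events into the short list you would actually read."""
    out = []
    pfkey = [e for e in s.errors if "failed pfkey check" in e[2]]
    if pfkey:
        out.append(f"{len(pfkey)} 'libipsec failed pfkey check' error(s): libipsec rejected a PF_KEY message from the kernel")
    for ts, proc, text in s.errors:
        if proc == "DMS_ROUTE_ERROR":
            out.append(f"route install failed at {ts}: {text}")
    replaced = [e for e in s.errors if "such policy already exists" in e[2]]
    if replaced:
        out.append(f"{len(replaced)} SPD polic(y/ies) already existed and were replaced ('anyway replace it')")
    for n in s.negotiations:
        who = f"{n['remote']} initiated, this side responded" if n["role"] == "respond" else "this side initiated"
        out.append(f"phase {n['phase']} negotiation with {n['remote']}: {who}")
    for sa in s.isakmp_sas:
        out.append(f"ISAKMP-SA up {sa['local']}-{sa['remote']}, cookies {sa['icookie']}/{sa['rcookie']}")
    if s.isakmp_sas and not s.ipsec_sas:
        out.append("no 'IPsec-SA established' line after the ISAKMP-SA: phase 2 (quick mode) did not complete within this log")
    return out


if __name__ == "__main__":
    for line in findings(summarize(SAMPLE_LOG)):
        print("-", line)
```

On the sample above the script reports the three errors, that 62.x.x.x was the initiator of phase 1, the established ISAKMP-SA with its cookies, and that no phase 2 SA appears in the excerpt; on a fuller log it would also list the IPsec-SA lines, which is the point at which traffic can actually flow.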